For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Feb 24, 2022

HSL Loggin & Splunk

Hi Everyone,

We are trying to build to HSL logging via the irules to the splunk. Here are the steps implemented so far.

1. created a UDP 514 pool with remote logging servers.

when CLIENT_ACCEPTED {
set client_address [IP::client_addr]
set syslogpool "splunk_hsl_pool_514"
set vip [IP::local_addr]
set hsl [HSL::open -proto UDP -pool $syslogpool]
}
when CLIENTSSL_HANDSHAKE {
set ssl_cipher_negotiated [SSL::cipher name]
set ssl_version [SSL::cipher version]
#log local0. "Ciphers: $ssl_cipher_negotiated & the version :$ssl_version"
HSL::send $hsl "Ciphers: $ssl_cipher_negotiated & the version :$ssl_version"
}

3. The irule applied on to the Virtual servers.

I couldnt see anything when i search in splunk. It would be great if any one can help me with this.

application delivery

1 Reply

neeeewbie
MVP
Feb 28, 2022
Hi

did you see any log on /var/log/ltm ?

please check logs

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Academy at AppWorld 2026

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5